Security Expert: PSN Relaunch Should Have Had Government Approval

May 16, 2011 -

In an article in The Australian, Queensland University of Technology professor Bill Caelli says that Sony should keep the PlayStation Network and the other services that were compromised by hackers in April offline until governments around the world are satisfied that the company has put enough security in place to protect customers.

Caelli, whom the publication calls a "security expert," thinks the Japanese government has the right idea in putting Sony's services on hold while it verifies the strength and depth of new security measures.

"Why is it that in the IT industry enterprises certify themselves?" he said, adding that the general public has "no way of assessing the assurances given by the owners of the system themselves."

Of course, it is too late to unring that bell; over the weekend Sony relaunched most of its PlayStation Network and other PS3-related services in North America and Europe.

Source: C&VG


Comments

Re: Security Expert: PSN Relaunch Should Have Had ...

The PlayStation Store is not open. The only services being offered are Home, trophy syncing, friends lists, and multi-player capabilities. In other words, there is no credit card info currently being used on PSN. I see no problem with allowing services that don't involve credit cards to run while the PlayStation Store's security is checked.

Maybe I'm being selfish because I want to play Portal 2 co-op :) Still, I have always used points cards with PSN, XBL, and iTunes. My e-mail and an old address and phone number are out there though. No big deal.

Re: Security Expert: PSN Relaunch Should Have Had ...

I'm of two minds on this.

I think a competent government body capable of granting security certifications is a good idea.

But on the other hand, while I can't speak for Australia, I believe all three branches of government in the States have repeatedly proven themselves to be utterly incompetent at understanding modern technology, and I'm not inclined to trust them on principle.

Now, if we're talking about using the same security standards used for US intelligence agencies, I'm all for that, but there's still the matter of recruiting security experts to audit.  Right now there are a lot more of those in private industry than in government, but there are also plenty of out-of-work engineers and IT guys who'd love an opportunity to do this kind of work.

Hell, I'd be happy to apply myself -- not that I'd claim to be an expert, but I know what salting is, which would tend to indicate I'm more competent than the guys Sony's been hiring.

Re: Security Expert: PSN Relaunch Should Have Had ...

This may be a good idea if there was such a thing as perfect protection, so the government could disallow it until one was established.

But, the reality is that there is no such thing as a perfect system, so we just have to go with the best that we can. Which is hopefully better than what we had before.

It just happens that sometimes the best isn't good enough.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

Is anybody actually saying Sony should have PERFECT protection?  Or even "the best"?  I think if they set the bar at "adequate" it would be a marked improvement.

There are best-practices rules agreed to throughout the security industry.  And maybe Sony was following them -- but given their track record over the past few years (music CD DRM that installs rootkits and can be circumvented by turning off Autoplay, Blu-Ray encryption cracked because keys are stored in RAM, PS3 security cracked because signatures weren't salted) I'm not inclined to give them the benefit of the doubt.

I'm not entirely sure I trust the idea of a government standards body for security at this stage, for the reasons outlined in my post below, but I think it's abundantly clear at this point that Sony shouldn't be auditing its own security.

Re: Security Expert: PSN Relaunch Should Have Had ...

Considering the remarkable number of times our own government's security has been compromised, I doubt they have any room to cast judgment.

Re: Security Expert: PSN Relaunch Should Have Had ...

I agree that government agencies are very poor judges of security (having worked as a consultant for one, I can guarantee it); however, SONY is also a very bad judge of security (or at least, was up to now, maybe this was the wake-up call they needed). Either way, there really should be government-recognized agencies that certify whether or not a business meets at least the minimum requirements. I'm no white hat, but I'm afraid if I tried my best to find a way into SONY's system, I would succeed, and I'm far from being the best at this game...

Re: Security Expert: PSN Relaunch Should Have Had ...

We agree on something. I'll be damned. Maybe the apocalypse IS coming. :3
